Hello!
Sorry for my English.
In my threat model, I hide the use of Tor from the ISP. Why do I need it? To protect against traffic analysis. My opponent is at the state level, but not global. It controls the network from which I enter Tor, and can compare the time of entry into the Tor network with my specific actions on the network. My goal in using Whonix is to communicate anonymously with another unknown person. This person can be a partially trusted person or an adversary. That is, he can compare the time of entering the Tor network and the time of receiving messages from me, because this person with whom I communicate can be an adversary. I understand that there are many Tor users in my country, and the correlation will take a lot of time, but it is possible over a long period of time. Users with the same login time and sent message will be registered, and in the end it will lead to me. How can I avoid this?
Here are some of my thoughts:
- Tor via VPN
- Use replaceable transports?
- I need to reply to messages at the appointed time. This means that I need to log into the Tor network at a different time before sending messages and receiving them. The time of logging out of the Tor network should also be different from the time the last message was sent, right?
- My best idea is to use a dedicated server with Whonix inside KVM with x2go connecting to the server. I don’t like the speed of interaction, but if it protects me, then speed is not important.
In the first case, VPNs are often criticized for an additional attack surface. If the main problem is that a global attacker could have access to the VPN provider’s network, then this is not critical for my threat model. I am sure that with a VPN server where the stream is located in Iceland, my opponent obviously will not have information about the traffic of this country; this is not his jurisdiction. I also read that the VPN only partially hides the use of Tor, that is, DPI can detect that I am still using Tor. Is that right? Does this happen in passive mode or on purpose?
The use of bridges is also determined by DPI. Do I need to use Whonix on a dedicated server? Any thoughts?